• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Connection not working properly - Timeouts - no RX on Mikrotik

Started by bjoernhoefer, August 01, 2016, 05:04:41 PM

Previous topic - Next topic

bjoernhoefer

Hi there,

as it is holiday season I've dedicated some spare time to getting my IPv6 Tunnel up and runnning again - and ran into the problem, that my tunnel can send data but never receives any data...

My setup:
912UAG-5HPnD
Sierra Wireless MC7710 3G/4G PCI Card for Internet-Connectivity
Several other clients (Other Mikrotik Routerboards and a Mac).

My IP address is dynamic so I've update it with a script found at the mikrotik-wiki which works fine (tested a few moments ago) - as soon my ip changes HE gets an update.

All clients are working fine with the provided internal scope: 2001:470:26:301::/64

But none of them is able to send requests beyond my internal borders...

If I try to ping the IPv6 2001:470:25:301::1 which is my default gateway - I'll get an timeout (tested on the router itself, another mikrotik router and my mac).

On the mikrotik router which holds the sit1 tunnel, I see packets leaving the interface - but none of them are getting back (absolutely zero - none...)

Also with wireshark I was able to see, that the packets are leaving - with the IPv6 destination 2001:470:25:301::1 and the IPv4 destination 216.66.80.98 - but nothing gets answered...

A few configurations from my mikrotik router:

ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
#    ADDRESS                                     FROM-... INTERFACE        ADV
0 DL fe80::e68d:8cff:fef7:af59/64                         VLAN666          no
1 DL fe80::e68d:8cff:fef7:af59/64                         VLAN10           no
2 DL fe80::e68d:8cff:fef7:af59/64                         VLAN1            no
3 DL fe80::e68d:8cff:fef7:af59/64                         vlan666          no
4 DL fe80::e68d:8cff:fef7:af59/64                         ether1           no
5 DL fe80::4421:ccff:febe:507/64                          lte1             no
6 DL fe80::200:5eff:fe00:101/64                           gw-vlan10        no
7  G 2001:470:25:301::2/64                                sit1             no
8  G 2001:470:26:301::1/64                                VLAN666          yes
9 DL fe80::fefd:0/64                                      sit1             no


ipv6 route print   
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
#      DST-ADDRESS              GATEWAY                  DISTANCE
0 A S  2000::/3                 2001:470:25:301::1              1
1 ADC  2001:470:25:301::/64     sit1                            0
2 ADC  2001:470:26:301::/64     VLAN666                         0


interface 6to4 print
Flags: X - disabled, R - running
#       MTU ACTUAL-MTU LOCAL-ADDRESS   REMOTE-ADDRESS             
0  R ;;; Hurricane Electric IPv6 Tunnel Broker
        1480       1480 178.112.22.4  216.66.80.98               



/ip firewall filter
add chain=input protocol=ipv6
add chain=input connection-state=established,related,new protocol=ipv6
add chain=output protocol=ipv6
add chain=input connection-state=established,related,new log=yes src-address=216.66.80.98
add chain=output dst-address=216.66.80.98
add chain=input comment="Allow limited pings" limit=50,2:packet protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp


/ipv6 firewall filter
add chain=output protocol=icmpv6
add chain=input protocol=icmpv6
add chain=output
add chain=input


In the firewall-counters I can see that traffic is going to 216.66.80.98 - but there is no traffic going back (

I've also talked with my internet-provider in advance - they do not filter out anything, as this can be disabled via self-servive portal (already done that ages ago).

I've also deleted my whole configuration and passed in the following configuration to my router (again).

/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=178.112.22.4 mtu=1280 name=sit1 remote-address=216.66.80.98
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:25:301::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:25:301::2/64 advertise=no disabled=no eui-64=no interface=sit1



Here in this forum a few other posts were made with almost the same "errors" I've running into - strangely they did not get a lot of feedback, maybe someone can finally explain if this is a general problem, or how you could get rid of that.


Hopefully someone can help me.


Thanks in advance

Björn

cholzhauer

I'll admit I did not study this in detail...have you emailed ipv6@he.net and asked them to look at your tunnel?  I've seen edge cases where the tunnel just doesn't get setup correctly.

bjoernhoefer

I've did - I'll keep this thread updated, if any news come in.

So far I've only received an acknowledgement mail by support.